Details
Description
at the moment provider access token is non expiring and given the risk associated with it, it could leak and lead to serious consequence (especially if it is a token used for deployment purposes).
One solution could be implementing expiry of such token, while a better one could be adding OIDC support to provider access token, so that the IDP provides the needed expiry and validation rules.